HP-UX Directory Server 8.1 plug-in reference
Table Of Contents
- HP-UX Directory Server plug-in reference
- Table of Contents
- Part I Introduction to Directory Server plug-ins
- 1 An overview of Directory Server plug-ins
- 2 Writing and compiling plug-ins
- 3 Configuring plug-ins
- 4 An example plug-in
- Part II Writing functions and plug-ins
- 5 Front end API functions
- 5.1 Logging messages
- 5.2 Adding notes to access log entries
- 5.3 Sending data to the client
- 5.4 Determining if an operation was abandoned
- 5.5 Working with entries, attributes, and values
- 5.6 Working with DNs and RDNs
- 5.7 Working with search filters
- 5.8 Checking passwords
- 6 Writing pre- and postoperation plug-ins
- 7 Defining functions for LDAP operations
- 7.1 Specifying start and close functions
- 7.2 Processing an LDAP bind operation
- 7.3 Processing an LDAP unbind operation
- 7.4 Processing an LDAP search operation
- 7.5 Processing an LDAP compare operation
- 7.6 Processing an LDAP add operation
- 7.7 Processing an LDAP modify operation
- 7.8 Processing an LDAP modify RDN operation
- 7.9 Processing an LDAP delete operation
- 7.10 Processing an LDAP abandon operation
- 8 Defining functions for authentication
- 8.1 Understanding authentication methods
- 8.2 How the Directory Server identifies clients
- 8.3 How the authentication process works
- 8.4 Writing your own authentication plug-in
- 8.5 Writing a preoperation bind plug-in
- 8.6 Using SASL with an LDAP client
- 9 Writing entry store/fetch plug-ins
- 10 Writing extended operation plug-ins
- 11 Writing matching rule plug-ins
- 11.1 Understanding matching rules
- 11.2 Understanding matching rule plug-ins
- 11.3 Indexing based on matching rules
- 11.4 Handling extensible match filters
- 11.4.1 How the server handles the filter
- 11.4.2 Query operators in matching rules
- 11.4.3 Writing a filter factory function
- 11.4.4 Getting and setting parameters in filter factory functions
- 11.4.5 Writing a filter index function
- 11.4.6 Getting and setting parameters in filter index functions
- 11.4.7 Writing a filter matching function
- 11.5 Handling sorting by matching rules
- 11.6 Writing a destructor function
- 11.7 Writing an initialization function
- 11.8 Registering matching rule functions
- 11.9 Specifying start and close functions
- 12 Using the custom distribution logic
- 13 Using data interoperability plug-ins
- 5 Front end API functions
- Part III Data type and structure reference
- 14 Data type and structure reference
- 14.1 berval
- 14.2 computed_attr_context
- 14.3 LDAPControl
- 14.4 LDAPMod
- 14.5 mrFilterMatchFn
- 14.6 plugin_referral_entry_callback
- 14.7 plugin_result_callback
- 14.8 plugin_search_entry_callback
- 14.9 send_ldap_referral_fn_ptr_t
- 14.10 send_ldap_result_fn_ptr_t
- 14.11 send_ldap_search_entry_fn_ptr_t
- 14.12 Slapi_Attr
- 14.13 Slapi_Back end
- 14.14 slapi_back end_state_change_fnptr
- 14.15 Slapi_ComponentID
- 14.16 slapi_compute_callback_t
- 14.17 slapi_compute_output_t
- 14.18 Slapi_Connection
- 14.19 Slapi_CondVar
- 14.20 Slapi_Counter
- 14.21 Slapi_DN
- 14.22 Slapi_Entry
- 14.23 Slapi_Filter
- 14.24 Slapi_MatchingRuleEntry
- 14.25 Slapi_Mod
- 14.26 Slapi_Mods
- 14.27 Slapi_Mutex
- 14.28 Slapi_Operation
- 14.29 Slapi_PBlock
- 14.30 Slapi_PluginDesc
- 14.31 Slapi_RDN
- 14.32 Slapi_Task
- 14.33 Slapi_UniqueID
- 14.34 Slapi_Value
- 14.35 Slapi_ValueSet
- 14.36 Synchronization callbacks and data types
- 14 Data type and structure reference
- Part IV Function reference
- 15 Distribution routines
- 16 Functions for access control
- 17 Functions for internal operations and plug-in callback
- 18 Functions for setting internal operation flags
- 19 Functions for handling attributes
- 19.1 slapi_attr_add_value()
- 19.2 slapi_attr_basetype()
- 19.3 slapi_attr_dup()
- 19.4 slapi_attr_first_value()
- 19.5 slapi_attr_flag_is_set()
- 19.6 slapi_attr_free()
- 19.7 slapi_attr_get_bervals_copy()
- 19.8 slapi_attr_get_flags()
- 19.9 slapi_attr_get_numvalues()
- 19.10 slapi_attr_get_oid_copy()
- 19.11 slapi_attr_get_type()
- 19.12 slapi_attr_get_valueset()
- 19.13 slapi_attr_init()
- 19.14 slapi_attr_new()
- 19.15 slapi_attr_next_value()
- 19.16 slapi_attr_set_valueset()
- 19.17 slapi_attr_syntax_normalize()
- 19.18 slapi_attr_type2plugin()
- 19.19 slapi_attr_type_cmp()
- 19.20 slapi_attr_types_equivalent()
- 19.21 slapi_attr_value_cmp()
- 19.22 slapi_attr_value_find()
- 19.23 slapi_valueset_set_from_smod()
- 20 Functions for managing back end operations
- 20.1 slapi_be_addsuffix()
- 20.2 slapi_be_delete_onexit()
- 20.3 slapi_be_exist()
- 20.4 slapi_be_free()
- 20.5 slapi_be_get_instance_info()
- 20.6 slapi_be_get_name()
- 20.7 slapi_be_get_readonly()
- 20.8 slapi_be_getentrypoint()
- 20.9 slapi_be_getsuffix()
- 20.10 slapi_be_gettype()
- 20.11 slapi_be_is_flag_set()
- 20.12 slapi_be_issuffix()
- 20.13 slapi_be_logchanges()
- 20.14 slapi_be_new()
- 20.15 slapi_be_private()
- 20.16 slapi_be_select()
- 20.17 slapi_be_select_by_instance_name()
- 20.18 slapi_be_set_flag()
- 20.19 slapi_be_set_instance_info()
- 20.20 slapi_be_set_readonly()
- 20.21 slapi_be_setentrypoint()
- 20.22 slapi_get_first_back end()
- 20.23 slapi_get_first_suffix()
- 20.24 slapi_get_next_back end()
- 20.25 slapi_get_next_suffix()
- 20.26 slapi_is_root_suffix()
- 20.27 slapi_register_back end_state_change()
- 20.28 slapi_unregister_back end_state_change()
- 21 Functions for dealing with controls
- 22 Functions for syntax plug-ins
- 23 Functions for managing memory
- 24 Functions for managing entries
- 24.1 slapi_entry2str()
- 24.2 slapi_entry2str_with_options()
- 24.3 slapi_entry_add_rdn_values()
- 24.4 slapi_entry_add_string()
- 24.5 slapi_entry_add_value()
- 24.6 slapi_entry_add_values_sv()
- 24.7 slapi_entry_add_valueset()
- 24.8 slapi_entry_alloc()
- 24.9 slapi_entry_apply_mods()
- 24.10 slapi_entry_attr_delete()
- 24.11 slapi_entry_attr_find()
- 24.12 slapi_entry_attr_get_bool()
- 24.13 slapi_entry_attr_get_charptr()
- 24.14 slapi_entry_attr_get_charray()
- 24.15 slapi_entry_attr_get_int()
- 24.16 slapi_entry_attr_get_long()
- 24.17 slapi_entry_attr_get_uint()
- 24.18 slapi_entry_attr_get_ulong()
- 24.19 slapi_entry_attr_has_syntax_value()
- 24.20 slapi_entry_attr_merge_sv()
- 24.21 slapi_entry_attr_replace_sv()
- 24.22 slapi_entry_attr_set_charptr()
- 24.23 slapi_entry_attr_set_int()
- 24.24 slapi_entry_attr_set_long()
- 24.25 slapi_entry_attr_set_uint()
- 24.26 slapi_entry_attr_set_ulong()
- 24.27 slapi_entry_delete_string()
- 24.28 slapi_entry_delete_values_sv()
- 24.29 slapi_entry_dup()
- 24.30 slapi_entry_first_attr()
- 24.31 slapi_entry_free()
- 24.32 slapi_entry_get_dn()
- 24.33 slapi_entry_get_dn_const()
- 24.34 slapi_entry_get_ndn()
- 24.35 slapi_entry_get_sdn()
- 24.36 slapi_entry_get_sdn_const()
- 24.37 slapi_entry_get_uniqueid()
- 24.38 slapi_entry_has_children()
- 24.39 slapi_entry_init()
- 24.40 slapi_entry_merge_values_sv()
- 24.41 slapi_entry_next_attr()
- 24.42 slapi_entry_rdn_values_present()
- 24.43 slapi_entry_schema_check()
- 24.44 slapi_entry_set_dn()
- 24.45 slapi_entry_set_sdn()
- 24.46 slapi_entry_set_uniqueid()
- 24.47 slapi_entry_size()
- 24.48 slapi_is_rootdse()
- 24.49 slapi_str2entry()
- 25 Functions related to entry flags
- 26 Functions for dealing with filters
- 26.1 slapi_filter_apply()
- 26.2 slapi_filter_compare()
- 26.3 slapi_filter_dup()
- 26.4 slapi_filter_free()
- 26.5 slapi_filter_get_attribute_type()
- 26.6 slapi_filter_get_ava()
- 26.7 slapi_filter_get_choice()
- 26.8 slapi_filter_get_subfilt()
- 26.9 slapi_filter_get_type()
- 26.10 slapi_filter_join()
- 26.11 slapi_filter_join_ex()
- 26.12 slapi_filter_list_first()
- 26.13 slapi_filter_list_next()
- 26.14 slapi_filter_test()
- 26.15 slapi_filter_test_ext()
- 26.16 slapi_filter_test_simple()
- 26.17 slapi_find_matching_paren()
- 26.18 slapi_str2filter()
- 26.19 slapi_vattr_filter_test()
- 27 Functions specific to extended operation
- 28 Functions specific to bind methods
- 29 Functions for thread-safe LDAP connections
- 30 Functions for logging
- 31 Functions for counters
- 32 Functions for handling matching rules
- 32.1 slapi_berval_cmp()
- 32.2 slapi_matchingrule_free()
- 32.3 slapi_matchingrule_get()
- 32.4 slapi_matchingrule_is_ordering()
- 32.5 slapi_matchingrule_new()
- 32.6 slapi_matchingrule_register()
- 32.7 slapi_matchingrule_set()
- 32.8 slapi_matchingrule_unregister()
- 32.9 slapi_mr_filter_index()
- 32.10 slapi_mr_indexer_create()
- 33 Functions for LDAPMod manipulation
- 33.1 slapi_entry2mods()
- 33.2 slapi_mod_add_value()
- 33.3 slapi_mod_done()
- 33.4 slapi_mod_dump()
- 33.5 slapi_mod_free()
- 33.6 slapi_mod_get_first_value()
- 33.7 slapi_mod_get_ldapmod_byref()
- 33.8 slapi_mod_get_ldapmod_passout()
- 33.9 slapi_mod_get_next_value()
- 33.10 slapi_mod_get_num_values()
- 33.11 slapi_mod_get_operation()
- 33.12 slapi_mod_get_type()
- 33.13 slapi_mod_init()
- 33.14 slapi_mod_init_byref()
- 33.15 slapi_mod_init_byval()
- 33.16 slapi_mod_init_passin()
- 33.17 slapi_mod_init_valueset_byval()
- 33.18 slapi_mod_isvalid()
- 33.19 slapi_mod_new()
- 33.20 slapi_mod_remove_value()
- 33.21 slapi_mod_set_operation()
- 33.22 slapi_mod_set_type()
- 33.23 slapi_mods2entry()
- 33.24 slapi_mods_add()
- 33.25 slapi_mods_add_ldapmod()
- 33.26 slapi_mods_add_mod_values()
- 33.27 slapi_mods_add_smod()
- 33.28 slapi_mods_add_modbvps()
- 33.29 slapi_mods_add_string()
- 33.30 slapi_mods_done()
- 33.31 slapi_mods_dump()
- 33.32 slapi_mods_free()
- 33.33 slapi_mods_get_first_mod()
- 33.34 slapi_mods_get_first_smod()
- 33.35 slapi_mods_get_ldapmods_byref()
- 33.36 slapi_mods_get_ldapmods_passout()
- 33.37 slapi_mods_get_next_mod()
- 33.38 slapi_mods_get_next_smod()
- 33.39 slapi_mods_get_num_mods()
- 33.40 slapi_mods_init()
- 33.41 slapi_mods_init_byref()
- 33.42 slapi_mods_init_passin()
- 33.43 slapi_mods_insert_after()
- 33.44 slapi_mods_insert_at()
- 33.45 slapi_mods_insert_before()
- 33.46 slapi_mods_insert_smod_at()
- 33.47 slapi_mods_insert_smod_before()
- 33.48 slapi_mods_iterator_backone()
- 33.49 slapi_mods_new()
- 33.50 slapi_mods_remove()
- 34 Functions for monitoring operations
- 35 Functions for managing parameter block
- 36 Functions for handling passwords
- 37 Functions for managing RDNs
- 37.1 slapi_rdn_add()
- 37.2 slapi_rdn_compare()
- 37.3 slapi_rdn_contains()
- 37.4 slapi_rdn_contains_attr()
- 37.5 slapi_rdn_done()
- 37.6 slapi_rdn_free()
- 37.7 slapi_rdn_get_first()
- 37.8 slapi_rdn_get_index()
- 37.9 slapi_rdn_get_index_attr()
- 37.10 slapi_rdn_get_next()
- 37.11 slapi_rdn_get_num_components()
- 37.12 slapi_rdn_get_rdn()
- 37.13 slapi_rdn_get_nrdn()
- 37.14 slapi_rdn_init()
- 37.15 slapi_rdn_init_dn()
- 37.16 slapi_rdn_init_rdn()
- 37.17 slapi_rdn_init_sdn()
- 37.18 slapi_rdn_isempty()
- 37.19 slapi_rdn_new()
- 37.20 slapi_rdn_new_dn()
- 37.21 slapi_rdn_new_rdn()
- 37.22 slapi_rdn_new_sdn()
- 37.23 slapi_rdn_remove()
- 37.24 slapi_rdn_remove_attr()
- 37.25 slapi_rdn_remove_index()
- 37.26 slapi_rdn_set_dn()
- 37.27 slapi_rdn_set_rdn()
- 37.28 slapi_rdn_set_sdn()
- 37.29 slapi_rdn2typeval()
- 38 Functions for managing roles
- 39 Functions for managing DNs
- 39.1 slapi_dn_isroot()
- 39.2 slapi_dn_normalize_case()
- 39.3 slapi_dn_normalize_to_end()
- 39.4 slapi_moddn_get_newdn()
- 39.5 slapi_sdn_add_rdn()
- 39.6 slapi_sdn_compare()
- 39.7 slapi_sdn_copy()
- 39.8 slapi_sdn_done()
- 39.9 slapi_sdn_dup()
- 39.10 slapi_sdn_free()
- 39.11 slapi_sdn_get_back end_parent()
- 39.12 slapi_sdn_get_dn()
- 39.13 slapi_sdn_get_ndn()
- 39.14 slapi_sdn_get_ndn_len()
- 39.15 slapi_sdn_get_parent()
- 39.16 slapi_sdn_get_rdn()
- 39.17 slapi_sdn_is_rdn_component()
- 39.18 slapi_sdn_isempty()
- 39.19 slapi_sdn_isgrandparent()
- 39.20 slapi_sdn_isparent()
- 39.21 slapi_sdn_issuffix()
- 39.22 slapi_sdn_new()
- 39.23 slapi_sdn_new_dn_byref()
- 39.24 slapi_sdn_new_dn_byval()
- 39.25 slapi_sdn_new_dn_passin()
- 39.26 slapi_sdn_new_ndn_byref()
- 39.27 slapi_sdn_new_ndn_byval()
- 39.28 slapi_sdn_scope_test()
- 39.29 slapi_sdn_set_dn_byref()
- 39.30 slapi_sdn_set_dn_byval()
- 39.31 slapi_sdn_set_dn_passin()
- 39.32 slapi_sdn_set_ndn_byref()
- 39.33 slapi_sdn_set_ndn_byval()
- 39.34 slapi_sdn_set_parent()
- 39.35 slapi_sdn_set_rdn()
- 40 Functions for sending entries and results to the client
- 41 Functions related to UTF-8
- 41.1 slapi_has8thBit()
- 41.2 slapi_utf8casecmp()
- 41.3 slapi_UTF8CASECMP()
- 41.4 slapi_utf8ncasecmp()
- 41.5 slapi_UTF8NCASECMP()
- 41.6 slapi_utf8isLower()
- 41.7 slapi_UTF8ISLOWER()
- 41.8 slapi_utf8isUpper()
- 41.9 slapi_UTF8ISUPPER()
- 41.10 slapi_utf8StrToLower()
- 41.11 slapi_UTF8STRTOLOWER()
- 41.12 slapi_utf8StrToUpper()
- 41.13 slapi_UTF8STRTOUPPER()
- 41.14 slapi_utf8ToLower()
- 41.15 slapi_UTF8TOLOWER()
- 41.16 slapi_utf8ToUpper()
- 41.17 slapi_UTF8TOUPPER()
- 42 Functions for handling values
- 42.1 slapi_value_compare()
- 42.2 slapi_value_dup()
- 42.3 slapi_value_free()
- 42.4 slapi_value_get_berval()
- 42.5 slapi_value_get_int()
- 42.6 slapi_value_get_length()
- 42.7 slapi_value_get_long()
- 42.8 slapi_value_get_string()
- 42.9 slapi_value_get_uint()
- 42.10 slapi_value_get_ulong()
- 42.11 slapi_value_init()
- 42.12 slapi_value_init_berval()
- 42.13 slapi_value_init_string()
- 42.14 slapi_value_init_string_passin()
- 42.15 slapi_value_new()
- 42.16 slapi_value_new_berval()
- 42.17 slapi_value_new_string()
- 42.18 slapi_value_new_string_passin()
- 42.19 slapi_value_new_value()
- 42.20 slapi_value_set()
- 42.21 slapi_value_set_berval()
- 42.22 slapi_value_set_int()
- 42.23 slapi_value_set_string()
- 42.24 slapi_value_set_string_passin()
- 42.25 slapi_value_set_value()
- 43 Functions for handling valuesets
- 43.1 slapi_valueset_add_value()
- 43.2 slapi_valueset_add_value_ext()
- 43.3 slapi_valueset_count()
- 43.4 slapi_valueset_done()
- 43.5 slapi_valueset_find()
- 43.6 slapi_valueset_first_value()
- 43.7 slapi_valueset_free()
- 43.8 slapi_valueset_init()
- 43.9 slapi_valueset_new()
- 43.10 slapi_valueset_next_value()
- 43.11 slapi_valueset_set_from_smod()
- 43.12 slapi_valueset_set_valueset()
- 44 Functions specific to virtual attribute service
- 45 Functions for managing locks and synchronization
- 46 Functions for managing computed attributes
- 47 Functions for manipulating bits
- 48 Functions for registering object extensions
- 49 Functions related to data interoperability
- 50 Functions for registering additional plug-ins
- 51 Functions for server tasks
- 51.1 slapi_destroy_task()
- 51.2 slapi_new_task()
- 51.3 slapi_task_begin()
- 51.4 slapi_task_cancel()
- 51.5 slapi_task_dec_refcount()
- 51.6 slapi_task_finish()
- 51.7 slapi_task_get_data()
- 51.8 slapi_task_get_refcount()
- 51.9 slapi_task_get_state()
- 51.10 slapi_task_inc_progress()
- 51.11 slapi_task_inc_refcount()
- 51.12 slapi_task_log_notice()
- 51.13 slapi_task_log_status()
- 51.14 slapi_task_register_handler()
- 51.15 slapi_task_set_data()
- 51.16 slapi_task_set_cancel_fn()
- 51.17 slapi_task_set_destructor_fn()
- 51.18 slapi_task_status_changed()
- Part V Parameter block reference
- 52 Parameters for registering plug-in functions
- 53 Parameters accessible to all plug-ins
- 53.1 Information about the database
- 53.2 Information about the connection
- 53.3 Information about the operation
- 53.4 Information about extended operations
- 53.5 Information about the transaction
- 53.6 Information about access control lists
- 53.7 Notes in the access log
- 53.8 Information about the plug-in
- 53.9 Information about command-line arguments
- 53.10 Information about attributes
- 53.11 Information about targets
- 54 Parameters for the bind function
- 55 Parameters for the search function
- 56 Parameters that convert strings to entries
- 57 Parameters for the add function
- 58 Parameters for the compare function
- 59 Parameters for the delete function
- 60 Parameters for the modify function
- 61 Parameters for the modify RDN function
- 62 Parameters for the abandon function
- 63 Parameters for the matching rule function
- 64 Parameters for LDBM back end pre- and postoperation functions
- 65 Parameters for the database
- 66 Parameters for LDAP functions
- 67 Parameters for error logging
- 68 Parameters for filters
- 69 Parameters for password storage
- 70 Parameters for resource limits
- 71 Parameters for the virtual attribute service
- Part VI Support and other resources
- Glossary
- Index
If the function returns a nonzero value, the server ends the processing of the bind
request. The bind function is responsible for sending the appropriate result code back
to the client before returning a nonzero value.
•
• If the function returns 0, the server continues processing the bind request. The server
sends the [LDAP_SUCCESS] result code back to the client. (The bind function does
not do this.)
11. If the back end bind function succeeds, the server sets the SLAPI_CONN_DN parameter to
the DN, and the SLAPI_CONN_AUTHTYPE parameter to the authentication method.
12. The server sends an [LDAP_SUCCESS] result code back to the client and ends the processing
of the bind request.
If the client's password is due to expire, the server includes a password expiring control
(with the OID 2.16.840.1.113730.3.4.5) as part of the result sent to the client. If the client is
logging in for the first time and needs to change the password, the server includes a
password expired control (with the OID 2.16.840.1.113730.3.4.4) as part of the result sent
to the client.
8.4 Writing your own authentication plug-in
The situation may arise where you want to write and implement your own authentication
function; that is, replace the standard means of authentication with your own function. You can
write a preoperation bind plug-in function (a function that the server calls before processing an
LDAP bind request) that performs the authentication and bypasses the default bind functionality.
This is described in the following section.
8.5 Writing a preoperation bind plug-in
You can define your own preoperation bind plug-in function to authenticate LDAP clients. The
server will call your function during the authentication process. See “How an authentication
request is processed” for more information on the authentication process. Your function should
return a nonzero value to bypass the default back end bind function and the postoperation bind
functions.
This means that the final steps of the authentication process are skipped. Your preoperation
plug-in function is responsible for sending the result code to the client and for setting the DN
and authentication method for the connection.
Figure 8-1 “Using a preoperation bind plug-in function to handle authentication” summarizes
the process of using a preoperation bind plug-in function to authenticate LDAP clients to the
Directory Server.
8.4 Writing your own authentication plug-in 71